Cybersecurity Analyst at Trimble managing third-party cybersecurity risks and optimizing risk management processes with a focus on automation and AI security. Collaborating on assessments related to vendors and technologies.
Responsibilities
Lead comprehensive cybersecurity risk assessments for new and existing vendors, partners, and suppliers.
Analyze and validate vendor security documentation, including SOC 2, ISO 27001 certifications, and security questionnaires (SIG/CAIQ).
Evaluate vendor control environments, specializing in cloud infrastructure (AWS, Azure, GCP), application security (OWASP Top 10), and data protection.
Clearly articulate and document technical risks for both technical teams and senior business stakeholders.
Collaborate with Legal and Procurement to develop, track, and enforce vendor risk remediation plans.
Drive efficiency and consistency by analyzing and optimizing the end-to-end Third-Party Risk Management (TPRM) lifecycle.
Design and implement automated workflows within our Governance, Risk, and Compliance (GRC) platform.
Define, track, and report Key Performance Indicators (KPIs) and metrics to measure TPRM program health and effectiveness.
Maintain core program documentation, including Standard Operating Procedures (SOPs) and assessment methodologies.
Conduct specialized AI vendor security evaluations covering critical domains such as model integrity, data privacy, and adversarial attack resistance.
Provide guidance on the secure and responsible adoption of third-party AI technologies to internal teams.
Stay current with evolving AI regulatory frameworks (e.g., NIST AI RMF, EU AI Act) and emerging security threats.
Leverage AI solutions to automate dynamic risk management and continuous testing of vendor controls.
Requirements
3 years of experience in an information security, IT audit, or technology risk management role.
At least 2 years of direct, hands-on experience in Third-Party Risk Management (TPRM).
Proven ability to analyze and streamline complex processes, with a track record of implementing successful improvements.
Strong technical knowledge of core cybersecurity domains, including cloud security, network security, identity and access management (IAM), and encryption.
Demonstrated experience interpreting security reports and assessing the effectiveness of technical controls.
A strong interest in and foundational understanding of AI/ML technologies and their unique security challenges.
Excellent analytical skills, with the ability to think critically and solve problems independently.
Strong written and verbal communication skills, capable of engaging with a wide range of audiences.
Information Security Analyst overseeing security tools and incident responses. Engaging in corporate security initiatives within a technological framework.
Cyber Security Analyst role supporting USAF Cloud One Architecture and common shared services contract. Involves compliance monitoring, incident response, and collaboration with cybersecurity teams.
Senior Cyber Security Analyst at GDIT identifying and mitigating cyber threats while ensuring compliance with NIST and ISO standards. Involves oversight of security controls and enterprise risk assessments.
Junior Information Security Analyst focusing on identity and access management at Evertec. Supporting operational activities and collaborating with IT and security teams in a hybrid setting.
Senior Cybersecurity Engineer at 3CON responsible for detection and response engineering in Brazilian pharmaceutical retail. Collaborating with teams and improving security controls continuously.
Lead Security Analyst managing operational guidance and analytical oversight for security across crisis regions. Collaborating for timely decision-making and information delivery to clients in the field.
Information Security Analyst at Minsait investigating and responding to security incidents. Involvement in vulnerability management and security best practices.
Senior Security Analyst providing advanced cybersecurity services in Stockholm and Malmö. Monitoring environments and handling incidents while collaborating with clients to ensure cybersecurity resilience.
Staff Cybersecurity Analyst focusing on cloud security for Southern Glazer’s. Leading security assessments, managing incidents, and collaborating with teams to enhance security posture.
Analyst supporting Nuclear Cyber Security program at Duke Energy. Addressing cyber security threats and managing compliance across multiple nuclear operations.